After delays, DISA extends Google email pilot

A pilot program showing how Defense Department personnel might securely access email from a commercial cloud provider has been delayed because of spending cuts and employee furloughs, according to the chief technology officer of the Defense Information Systems Agency.

During the first phase of the pilot, originally scheduled to end Sept. 30, 50 DISA employees were slated to use Google Apps for Government to work with only nonsensitive unclassified data.

At the same time, DISA's Field Security Office planned to evaluate whether Google Apps for Government can support additional pilot users as well as handle sensitive but unclassified data.

The pilot test now has been extended through November, according to DISA officials.

“Due to resource conflicts (brought on by sequestration and furlough), the DISA-Google pilot for DOD Commercial Cloud Email Service was delayed. As such, we are continuing evaluations through the end of November with the final analysis taking place in December,” David Mihelcic, DISA CTO, said via email.

The pilot test is part of a Cooperative Research and Development Agreement (CRADA) signed by DISA and Google in February in which the organizations agreed to explore innovate ways for DOD users to authenticate to commercial cloud service providers.

As part of the CRADA, DISA’s Enterprise Services Directorate developed a proof of concept Authentication Gateway Service that allows for secure translation between DOD public-key infrastructure, Common Access Card (CAC) authentication and Google-provided cloud services using a standards-based protocol known as the Security Assertion Markup Language, or SAML.

To demonstrate the authentication gateway, DISA's Office of the Chief Technology Officer launched a pilot of Google Apps for Government that lets users use their CACs for authentication, eliminating the need for the less secure password-based login. Pilot users will evaluate commercial cloud-based services like Google Apps for Government in a typical DOD unclassified office environment.

The DISA-Google CRADA work is a test that, if successful, would allow DISA to bring competitive commercial cloud-based email providers into the Defense Enterprise Email (DEE) service offering, Rear Adm. David Simpson, vice director of DISA, said in a release issued in May.

The Defense Enterprise Email service, hosted in DISA's Defense Enterprise Computing Centers, provides secure cloud-based email to the DOD enterprise, and is designed to increase efficiency and collaboration. .

The goal of the Google pilot would be to provide a portion of the user community low-cost email by technically acceptable service providers whose security meets the missions of the DEE users, Simpson said.

“The target implementation would integrate lower cost offerings into the Single Email Enterprise in a manner that continues to utilize one Directory Service for the entire DOD and seamless collaboration between commercial and DOD-hosted DEE environments," Simpson said.

DISA also is using the Google pilot to explore next-generation approaches to cloud-based email that can augment the DEE service. The key to this is the ability to integrate DISA's Enterprise Directory Services with cloud-based email to allow a single global address list and seamless email interoperability.

DISA is using its Identity Synchronization Service to automatically set up Google pilot users and synchronize the global address list between DEE and the pilot, DISA officials said.

"If we can validate this approach, in the future we will be able to competitively acquire cloud-based email services to provide browser-based email for users that don't need all of DEE's features," Jack Wilmer, DISA’s deputy CTO for enterprise services, said in May.